Can You Spot(ify) the Fake?

I'm old enough to remember walking to the neighborhood record shop, buying a record, taking it home, and listening to it. My biggest worry was that the record might have a scratch on it, or might even be warped. Oh, how times have changed.

These days, when I buy music, my credit card information might be compromised, my passwords might be stolen, my identity might be stolen, my webcam might be turned on, and my computer might be locked up until I pay a ransom. Think it won't happen to you? Well, if you've clicked on Spotify recently, it may already be too late.

Spotify, a Swedish corporation, is one of the world's biggest music streaming providers. At last count, it had over 356 million active users in 178 countries. It hosts more than 70 million songs. Its basic service is free with advertisements and some limitations. Or, you can buy a subscription to unlock all the goodies. If you haven't tried Spotify, you should check it out. It really is an excellent service. But be careful.

Spotify's global popularity makes it an obvious target for fraud. Bad people have set up fake Spotify sites (in addition to other fake sites). Cybersecurity firm ESET discovered the insidious campaign. You see what appears to be a legitimate advertisement for Spotify (the image shown here is a screenshot of the fake site alongside the real site). What happens next depends on how the particular attack is being carried out. In one example, when you click on the ad, you are taken to a fake Microsoft Store site and an app is automatically downloaded. The zip file might have a sincere-sounding name, but it contains a copy of Ficker (or FickerStealer), an information-stealing Trojan. If you unzip the file and launch the executable program, the malware will immediately begin harvesting data from your computer.

A relatively new pox on society, Ficker seems to have surfaced in January on Russian hacker forums when its developer allowed others to rent the malware for anywhere from one week to six months. Saved login credentials, passwords, cryptocurrency wallets, documents and other personal data are all at risk, and the hackers can take screenshots of your computer. Ficker neatly and stealthily compiles all this, zips it, and sends it back to the bad people. Civility precludes me from mentioning what Ficker translates to in German.

So, next time you are in the mood for some streaming music, be aware of bogus web sites mimicking Spotify. For unknown reasons, the attacks, so far, have mainly been directed at users in South America. Of course, the attack can be directed anywhere. And of course, this isn't meant to be a knock on Spotify; it's just another reminder that any site can be spoofed.

As always, think twice before you click, check the URL carefully, change your passwords frequently (I know, I know), make sure your firewalls are up, and periodically run antivirus scans on your system. If you find yourself a victim of Ficker, change your online credentials immediately and run an antivirus scan. And check to make sure your records aren't warped.

PS: The fake site is on the left.

hk2000

I spotted the fake immediately. But that may be because I'm a long-time Spotify subscriber.

John_Werner

As I write this there is a bit of a rush on gas because something digitally was hacked. Clearly not good. I fear digital crimes will be seen and, possibly, felt in increasing frequency. I heard on Public Radio today an expert saying this particular Russian hack was done by a group that is set up more like Microsoft than some rogue lone anti-social hack. This means just like with digital audio a fix needs to be in - and fast. Since those early harsh-sounding CDs I'd say lots of smart folks decided if it had to be digital then it had to actually be sonically good too. Most CDs sound pretty good today save for still being overcompressed in some cases. In other words the audio community rallied and made digital quite good. Now the cyber world needs to do the same. It's time to make hacking as nostalgic as those first wretched-sounding CDs. With our cash going to 0's and 1's more than physical paper something needs to be fixed. If digital audio can sound as good as the best analog why can't the rest of digital be fixed???